package com.oguzhan.xtools.soa.token.util;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class EasyX509TrustManager
  implements X509TrustManager
{
  private X509TrustManager standardTrustManager;

  public EasyX509TrustManager(KeyStore keystore)
    throws NoSuchAlgorithmException, KeyStoreException
  {
    this.standardTrustManager = null;
    TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    factory.init(keystore);
    TrustManager[] trustmanagers = factory.getTrustManagers();
    if (trustmanagers.length == 0) {
      throw new NoSuchAlgorithmException("no trust manager found");
    }
    this.standardTrustManager = ((X509TrustManager)trustmanagers[0]);
  }

  public void checkClientTrusted(X509Certificate[] certificates, String authType)
    throws CertificateException
  {
    this.standardTrustManager.checkClientTrusted(certificates, authType);
  }

  public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    if (certificates != null) {
      System.out.println("Server certificate chain:");
      for (int i = 0; i < certificates.length; ++i) {
        System.out.println(
          "X509Certificate[" + i + "]=" + certificates[i]);
      }
    }

    if ((certificates != null) && (certificates.length == 1))
      certificates[0].checkValidity();
    else
      this.standardTrustManager.checkServerTrusted(certificates, authType);
  }

  public X509Certificate[] getAcceptedIssuers()
  {
    return this.standardTrustManager.getAcceptedIssuers();
  }
}